Location
Laurel, MD | United States
Job description
Work as a Product Vulnerability Researcher for a complex security platform to identify flaws in hardware and software. Utilize the latest techniques in vulnerability/exploit research for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full secure development life cycle (SDLC). Help design security controls and validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards.
REQUIRED QUALIFICATIONS:
- 5+ years of experience developing security tools and penetration testing scripts
- 5+ years of experience performing application and infrastructure penetration testing to discover and exploit vulnerabilities
- Experience with modern exploitation techniques, exploit mitigation techniques, and software protections or binary armoring
- Experience with software development and testing in Python, Java, JavaScript, C/C++, or ASM
- Knowledge of OS Internals
- Knowledge of the system engineering life cycle, including security architecture, software security, intrusion detection, and defensive countermeasures
- Ability to develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations
- HS diploma or GED
- Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information
DESIRED QUALIFICATIONS:
- Experience with offensive security research & development and maintaining both an on-premise and cloud-hosted attack lab environment
- Knowledge of Red Team concepts and adversarial tradecraft against physical and software defined networking, operating systems, web applications, databases, and modern container orchestration frameworks
- Knowledge of the Penetration Testing Execution Standard (PTES)
- Knowledge of MITRE ATT&CK Framework and its application
- Knowledge of Linux/Red Hat preferred
- Knowledge of IT concepts, including Active Directory, TCP/IP, 802.11x, IPSEC, ICAM, Cryptography, and Cloud
- Ability to develop custom tools and tradecraft to automate tasks
- Ability to communicate upwards and to peers and presenting technical subjects to non-technical audiences
- TS/SCI clearance with a polygraph
- OSCP, OSWP, OSEP, OSCE, OSWA, or OSWE Certification
CLEARANCE:
Job tags
Salary
